So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
Sens. Marsha Blackburn, R-Tenn., and Amy Klobuchar, D-Minn., on Wednesday restarted the Senate's privacy legislation conversation with a hearing exploring what “core principles” and state protections could be incorporated into a federal bill.
The U.S. Supreme Court decision that upheld Texas' law requiring age verification to access adult websites (see 2506270041) will have a ripple effect, prompting the creation of similar laws in states along with constitutional questions about how and where age verification can happen, said privacy experts in recent blog posts. Similarly, advocacy groups that disagreed with the high court's decision argued it may embolden other states to expand the definition of off-limits material, further challenging the First Amendment and ultimately letting politicians make content decisions (see 2507070037).
Colorado shouldn’t use upcoming kids’ privacy regulations as a “back door” to require age verification, retailers warned the state’s law department last week. In addition to warning against requiring verification through possible rules about a company’s “willful disregard” of a user being a minor, industry groups cautioned that any regulation of system design features mustn’t violate the First Amendment.
The environment around data privacy is changing constantly as state regulators emphasize different issues, collaborate outside their offices and sometimes investigate activities that started years ago, Ballard Spahr lawyers said during a webinar Wednesday. Accordingly, these trends mean companies must be constantly vigilant throughout their operations.
Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
Managing AI privacy concerns in an organization requires expanding existing frameworks but also increasing collaboration across the business in acknowledgment of AI's wide potential to touch many areas, panelists said during an IAPP webinar on Tuesday.
The FTC’s 2024 settlement with NGL Labs and 2023 agreement with Epic Games could serve as a blueprint for federal and state enforcers protecting teens from privacy and design-related harms, former Consumer Protection Bureau Director Samuel Levine told Privacy Daily in an interview Monday.
The New York Child Data Protection Act (NYCDPA), which took effect Friday, is unique for many reasons, including its age-flag requirement and because New York lacks a comprehensive law covering users of all ages, experts said in interviews. However, like a good deal of privacy and online safety regulations, it may face legal challenges, said Jason Oliveri, data privacy partner at Hinshaw & Culbertson.